Commits | bovarysme Add instructions to upgrade OpenBSD in README.md Committed on Oct 18, 2020

# infrastructure

Create and provision an infrastructure on Vultr using Terraform and Ansible.

## Requirements

- [Ansible](https://www.ansible.com/) 2.9.4 or greater
- [Terraform](https://www.terraform.io/)

## Usage

- Install Ansible and Terraform.

### Create the infrastructure

- Copy the `pre-commit` Git hook to `.git/hooks/pre-commit`. This ensures the
  Terraform configuration files are properly formatted.
- Move to the `terraform` directory.
- Rename `terraform.example.tfvars` to `terraform.tfvars` and fill it in.
- Run the following commands:
```
$ terraform init
$ terraform plan
$ terraform apply
```

### Provision the infrastructure

- Move to the `ansible` directory.
- Rename `vars.example.yml` to `group_vars/app/vars.yml` and fill it in.
- Rename `vault.example.yml` to `group_vars/app/vault.yml` and fill it in.
- Create a `vault_pass` file and fill it with a randomly chosen password.
- Run the following commands:
```
$ ansible-vault encrypt group_vars/app/vault.yml
$ ansible-playbook -i vultr.ini playbooks/provision.yml
```

### Set up DNS records

- Create A and AAAA records for:
  - `{{ domain }}`,
  - `git.{{ domain }}`,
  - and `mail.{{ domain }}`.

- Create an MX record for `mail.{{ domain }}` with priority 10.
- Create an SPF record with value `v=spf1 mx -all`.
- Create a DKIM record with host `{{ dkim_selector }}._domainkey`, and the
  value given by the `dkim.py` script with the fetched DKIM public key.
- Create a DMARC record with host `_dmarc` and value
  `v=DMARC1;p=none;rua=mailto:postmaster@{{ domain }}`.
- Set `mail.{{ domain }}` as the reverse DNS for the default IPv4 and IPv6
  addresses.
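
Added example, not part of this repository and not the project's `dkim.py`: a Python check that compares published TXT records with the SPF, DKIM and DMARC values listed above. The domain `example.org`, the selector `mail`, the sample key and the record set are constructed, and placing the SPF record at the bare domain is an assumption.

```python
import base64
import binascii

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record (DKIM, DMARC) into a dict."""
    pairs = (part.partition("=") for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, _, value in pairs}

def check_mail_txt(domain, selector, txt):
    """Compare TXT records with the README's values; return a list of problems.

    txt maps a fully qualified name to the TXT strings published there.
    Assumption: the SPF record lives at the bare domain.
    """
    problems = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:  # several SPF records are a permanent error (RFC 7208)
        problems.append(f"SPF: expected 1 record, found {len(spf)}")
    elif spf[0].split() != ["v=spf1", "mx", "-all"]:
        problems.append(f"SPF: {spf[0]!r} is not 'v=spf1 mx -all'")

    dkim = txt.get(f"{selector}._domainkey.{domain}", [])
    if len(dkim) != 1:
        problems.append(f"DKIM: expected 1 record, found {len(dkim)}")
    else:
        key = "".join(parse_tags(dkim[0]).get("p", "").split())
        try:
            if not base64.b64decode(key, validate=True):
                problems.append("DKIM: empty p= tag (key missing or revoked)")
        except binascii.Error:
            problems.append("DKIM: p= tag is not valid base64")

    dmarc = txt.get(f"_dmarc.{domain}", [])
    expected = {"v": "DMARC1", "p": "none", "rua": f"mailto:postmaster@{domain}"}
    if len(dmarc) != 1:
        problems.append(f"DMARC: expected 1 record, found {len(dmarc)}")
    elif parse_tags(dmarc[0]) != expected:
        problems.append(f"DMARC: {dmarc[0]!r} differs from the README value")
    return problems

# Constructed sample data: example.org, selector "mail" and the key are made up.
SAMPLE_KEY = base64.b64encode(b"constructed, not a real public key").decode()
SAMPLE = {
    "example.org": ["v=spf1 mx -all"],
    "mail._domainkey.example.org": [f"v=DKIM1; k=rsa; p={SAMPLE_KEY}"],
    "_dmarc.example.org": ["v=DMARC1;p=none;rua=mailto:postmaster@example.org"],
}

if __name__ == "__main__":
    print(check_mail_txt("example.org", "mail", SAMPLE) or "all records match")
```

To check live records, fill the `txt` mapping from the output of `dig +short TXT <name>` for each of the three names.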

### Upgrade OpenBSD

- Follow the upgrade guide:
  - Run `sysupgrade`.
  - Apply configuration changes.
  - Create and run a playbook to remove old files.
  - Upgrade packages with `pkg_add -u`.

- If needed, create and run a playbook to update Git inside the `/var/www`
  chroot, and update the Git role.
- If needed, run `syspatch` and reboot.

## License

This project is licensed under the terms of the MIT license.